At a glance.
- A wormable version of the PlugX USB malware is found.
- Phishing messages via legitimate Google notifications.
- Compromised webcams as a security threat.
- Emotet botnet out of hibernation.
- Proof-of-concept: AI used to generate polymorphic keylogger.
- Turning to alternatives as conventional tactics fail.
A wormable version of the PlugX USB malware is found.
Sophos is tracking a new version of the PlugX USB Trojan. The researchers say the “novel aspects of this variant are a new payload and callbacks to a C2 server previously thought to be only tenuously related to this worm.” PlugX is a known malware variant that can spread via USB sticks, which can sometimes allow it to access air-gapped systems. The malware is currently spreading in African countries, with infections observed in Ghana, Zimbabwe, and Nigeria. The new variant was also observed in Papua New Guinea and Mongolia. Sophos believes this campaign is linked to the Chinese APT Mustang Panda, which has been known to use the malware in the past.